Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/NQse1fvHn5muDG-BX1sGE5gLydU.roa
File:                     NQse1fvHn5muDG-BX1sGE5gLydU.roa (raw, json)
Hash identifier:          3Kt6B5hOz9SIKQ536FJZMHgEHosrGLb/Ys0i8S5ngJk=
Subject key identifier:   35:0B:1E:D5:FB:C7:9F:99:AE:0C:6F:81:5F:5B:06:13:98:0B:C9:D5
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019D2E7820C05629D994995AD6535C710D9A
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/NQse1fvHn5muDG-BX1sGE5gLydU.roa
Signing time:             Fri 27 Mar 2026 08:45:17 +0000
ROA not before:           Fri 27 Mar 2026 08:45:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150293
IP address blocks:        79.172.214.0/24 maxlen: 24
                          87.229.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 19:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2e:78:20:c0:56:29:d9:94:99:5a:d6:53:5c:71:0d:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Mar 27 08:45:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=350b1ed5fbc79f99ae0c6f815f5b0613980bc9d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:77:66:6c:87:20:17:a8:00:23:2c:78:97:c5:
                    9b:7f:04:33:28:41:55:6d:90:02:05:43:b7:20:1f:
                    0d:1d:ce:c2:47:64:42:9d:77:b8:77:d3:9c:4f:04:
                    0b:74:45:35:4e:c2:21:40:d9:09:7e:59:d7:2a:5d:
                    49:7c:d2:60:45:c4:c3:cc:24:0b:13:47:83:96:9e:
                    60:08:ef:52:27:4c:48:92:ce:c4:05:57:8f:f9:41:
                    81:92:b0:9a:95:c4:b0:b3:5f:22:61:0f:2d:be:90:
                    62:61:65:58:99:15:5a:f4:81:51:9f:bb:e6:da:9f:
                    eb:13:21:03:df:d4:bf:d4:ec:5a:f4:f6:81:a2:e1:
                    ff:2d:80:54:68:11:ff:40:31:7f:03:c6:bf:28:b5:
                    3d:d9:09:f0:ae:eb:37:b1:d8:94:9b:ba:78:a7:98:
                    ad:a4:e7:05:fc:cc:98:9d:c6:e2:d9:0b:1a:e2:7d:
                    2a:f3:89:93:09:34:62:dd:15:29:04:8d:27:8a:12:
                    e0:3c:e5:81:b2:89:e0:18:05:1e:68:84:b5:9e:d2:
                    1d:e7:42:6b:9b:82:5a:0b:59:01:0c:86:13:59:59:
                    8d:b3:16:79:1c:d4:d4:04:cb:c8:88:1b:c1:56:22:
                    35:4a:e4:2f:49:81:11:58:15:42:4e:6a:0e:45:f7:
                    ac:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:0B:1E:D5:FB:C7:9F:99:AE:0C:6F:81:5F:5B:06:13:98:0B:C9:D5
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/NQse1fvHn5muDG-BX1sGE5gLydU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.214.0/24
                  87.229.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:90:c1:e2:79:56:ce:e5:30:74:d4:42:e8:eb:86:28:da:16:
         26:ca:80:35:98:cc:44:0f:06:1a:55:22:2f:90:1e:87:6b:a0:
         07:38:6a:a0:65:1b:d3:8d:3b:a7:e8:7c:04:0b:c8:36:52:29:
         0c:c6:4d:77:9f:9c:90:54:ae:03:32:7a:c1:1d:a0:45:af:4a:
         40:9c:74:a9:1b:e2:1a:c4:57:a7:7e:c2:ba:91:e0:ff:0e:86:
         48:ff:ed:ef:9a:cf:00:72:fe:ff:4a:88:33:be:8a:bd:0d:e9:
         df:40:48:2e:6c:ee:e2:e6:4c:03:40:e1:b7:98:87:f7:f2:c3:
         b0:48:86:06:4b:fb:cb:ad:e6:e4:3f:d5:ad:ad:ac:31:2f:f9:
         93:10:08:dd:77:e0:29:34:9a:af:38:1c:87:33:88:db:12:c9:
         9a:2f:5b:ab:7f:ef:b3:7b:6a:5e:61:c9:e8:41:0b:a6:cb:78:
         b1:56:eb:52:93:78:bc:e4:1e:26:71:3d:06:77:7d:99:21:2c:
         a2:4d:31:7a:e0:3d:70:f9:67:92:43:b3:e5:b9:7a:a6:3e:3b:
         6d:84:0d:b0:8c:66:ba:4b:19:d2:4f:68:0f:55:24:79:34:f7:
         a5:b9:51:34:69:f9:b9:75:32:60:62:98:52:6e:e4:af:e8:82:
         14:65:26:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0ueCDAVinZlJla1lNccQ2aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjYwMzI3MDg0NTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTBiMWVkNWZiYzc5Zjk5YWUwYzZmODE1ZjViMDYxMzk4MGJjOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXdmbIcgF6gAIyx4l8WbfwQzKEFV
bZACBUO3IB8NHc7CR2RCnXe4d9OcTwQLdEU1TsIhQNkJflnXKl1JfNJgRcTDzCQL
E0eDlp5gCO9SJ0xIks7EBVeP+UGBkrCalcSws18iYQ8tvpBiYWVYmRVa9IFRn7vm
2p/rEyED39S/1Oxa9PaBouH/LYBUaBH/QDF/A8a/KLU92Qnwrus3sdiUm7p4p5it
pOcF/MyYncbi2Qsa4n0q84mTCTRi3RUpBI0nihLgPOWBsongGAUeaIS1ntId50Jr
m4JaC1kBDIYTWVmNsxZ5HNTUBMvIiBvBViI1SuQvSYERWBVCTmoORfesgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDULHtX7x5+ZrgxvgV9bBhOYC8nVMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvTlFzZTFmdkhuNW11REctQlgxc0dFNWdMeWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT6zWAwQA
V+VAMA0GCSqGSIb3DQEBCwUAA4IBAQAZkMHieVbO5TB01ELo64Yo2hYmyoA1mMxE
DwYaVSIvkB6Ha6AHOGqgZRvTjTun6HwEC8g2UikMxk13n5yQVK4DMnrBHaBFr0pA
nHSpG+IaxFenfsK6keD/DoZI/+3vms8Acv7/Sogzvoq9DenfQEgubO7i5kwDQOG3
mIf38sOwSIYGS/vLrebkP9WtrawxL/mTEAjdd+ApNJqvOByHM4jbEsmaL1urf++z
e2peYcnoQQumy3ixVutSk3i85B4mcT0Gd32ZISyiTTF64D1w+WeSQ7PluXqmPjtt
hA2wjGa6SxnST2gPVSR5NPeluVE0afm5dTJgYphSbuSv6IIUZSb6
-----END CERTIFICATE-----